FirstBlood-#204 Info leak that leads to non admin login
This issue was discovered on FirstBlood v1



On 2021-05-12, d20s84 Level 3 reported:

Summary: Private code (invite key) is readily available in a Reddit forum that can be used with available doctor names in order to login credentials.

Steps:

  1. Open the Reddit link to obtain the private key: https://www.reddit.com/r/BugBountyHunter/comments/n4xzw1/firstbloodhackerscom_doctor_registration/
  2. Browse to the endpoint /doctors.html to obtain doctors' names. They can be used as usernames.
  3. Feed the credentials to /register.php. Boom!!! The login credentials to non-administrative accounts are provided.

P2 High

Endpoint: /register.php

Parameter: -

Payload: -


FirstBlood ID: 15
Vulnerability Type: Auth issues

A doctor's invite code is leaked on the internet; if used, it grants anyone access to the doctor portal. The invite code should expire after use.